As you request:
postfix -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
config_directory = /usr/local/etc/postfix
debug_peer_level = 2
header_checks = regexp:$config_directory/header_checks
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = sunsaturn.com sunsaturn.sunsaturn.com localhost test.com
mydomain = test.com
myhostname = test.com
mynetworks = $config_directory/mynetworks
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = inet:localhost:10026
readme_directory = /usr/local/share/doc/postfix
relay_domains = permit_sasl_authenticated, permit_mynetworks
sample_directory = /usr/local/etc/postfix
sender_dependent_default_transport_maps = mysql:$config_directory/mysql_outgoing.cf
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP
smtpd_milters = inet:localhost:10026
smtpd_recipient_restrictions = check_sender_access hash:$config_directory/badmailfrom,permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unauth_destination,reject_unauth_pipelining,reject_invalid_hostname,reject_rbl_client bl.spamcop.net,reject_rbl_client zen.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client psbl.surriel.com
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:$config_directory/mysql_aliases.cf
virtual_gid_maps = mysql:$config_directory/mysql_gids.cf
virtual_mailbox_base = /website/vuser
virtual_mailbox_domains = mysql:$config_directory/mysql_domains.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:$config_directory/mysql_mailbox.cf
virtual_minimum_uid = 2002
virtual_uid_maps = mysql:$config_directory/mysql_uids.cf
Mysql relevant table entries:
email            domain     maildir
te...@test.com   test2.com  test2.com/test2/Maildir/

uid   gid
2003  2001
Great, let's start with a completely empty /website/vuser:
sunsaturn:~# rm -rf /website/vuser/*
sunsaturn:~# ls -al /website/vuser/
total 4K
drwxrwxrwx 2 postfix postfix 512 Nov 30 19:21 .
drwxr-xr-x 44 517 wheel 1024 Nov 30 04:10 ..
sunsaturn:~# chmod 755 /website/vuser; chown postfix /website/vuser
sunsaturn:~# ls -ald /website/vuser/
drwxr-xr-x 2 postfix postfix 512 Nov 30 19:21 /website/vuser/
sunsaturn:~#
Now let's see the permissions problem:
sunsaturn:~# echo test| mail te...@test2.com
sunsaturn:~# tail -10 /var/log/maillog
Nov 30 19:22:52 sunsaturn postfix/pickup[21923]: 3EA8C119C56: uid=0 from=<root>
Nov 30 19:22:52 sunsaturn postfix/cleanup[23168]: 3EA8C119C56: message-id=<20101201012252.3ea8c119...@test.com>
Nov 30 19:22:52 sunsaturn dkim-filter[77781]: 3EA8C119C56 ADSP query: missing parameter(s) in policy data
Nov 30 19:22:52 sunsaturn dkim-filter[77781]: 3EA8C119C56: no signature data
Nov 30 19:22:52 sunsaturn postfix/qmgr[10416]: 3EA8C119C56: from=<r...@test.com>, size=299, nrcpt=1 (queue active)
Nov 30 19:22:52 sunsaturn postfix/virtual[23170]: warning: maildir access problem for UID/GID=2003/2001: create maildir file /website/vuser/test2.com/test2/Maildir/tmp/1291166572.P23170.sunsaturn.com: Permission denied
Nov 30 19:22:52 sunsaturn postfix/virtual[23170]: warning: perhaps you need to create the maildirs in advance
Nov 30 19:22:52 sunsaturn postfix/virtual[23170]: 3EA8C119C56: to=<te...@test2.com>, relay=virtual, delay=0.07, delays=0.03/0.02/0/0.02, dsn=4.2.0, status=deferred (maildir delivery failed: create maildir file /website/vuser/test2.com/test2/Maildir/tmp/1291166572.P23170.sunsaturn.com: Permission denied)
sunsaturn:~#
Here we see the problem creating the first directory under /website/vuser.
Now let's chmod 777 /website/vuser so that it can create directories under
UID/GID=2003/2001 as it wants, but in fact see that the gid never is 2001.
Gid 2001 on my system is vuser:
sunsaturn:~# grep 2001 /etc/group
vuser:*:2001:
sunsaturn:~# chmod 777 /website/vuser; cd /website/vuser
sunsaturn:/website/vuser# echo test| mail te...@test2.com
Now from the logs we can see it actually gets delivered:
Nov 30 19:28:03 sunsaturn postfix/qmgr[10416]: DC276119C60: from=<r...@test.com>, size=299, nrcpt=1 (queue active)
Nov 30 19:28:03 sunsaturn postfix/virtual[23237]: DC276119C60: to=<te...@test2.com>, relay=virtual, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 30 19:28:03 sunsaturn postfix/qmgr[10416]: DC276119C60: removed
Nov 30 19:29:03 sunsaturn postfix/qmgr[10416]: 3EA8C119C56: from=<r...@test.com>, size=299, nrcpt=1 (queue active)
Nov 30 19:29:03 sunsaturn postfix/virtual[23237]: 3EA8C119C56: to=<te...@test2.com>, relay=virtual, delay=372, delays=372/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 30 19:29:03 sunsaturn postfix/qmgr[10416]: 3EA8C119C56: removed
So let's check the file structure:
sunsaturn:/website/vuser# ls -al
total 6K
drwxrwxrwx 3 postfix postfix 512 Nov 30 19:28 .
drwxr-xr-x 44 517 wheel 1024 Nov 30 04:10 ..
drwx------ 3 2003 postfix 512 Nov 30 19:28 test2.com
sunsaturn:/website/vuser# ls
test2.com
sunsaturn:/website/vuser# find test2.com|xargs ls -al
-rw------- 1 2003 postfix 347 Nov 30 19:28 test2.com/test2/Maildir/new/1291166883.V59Ib97008M906598.sunsaturn.com
-rw------- 1 2003 postfix 347 Nov 30 19:29 test2.com/test2/Maildir/new/1291166943.V59Ib97001M911353.sunsaturn.com
test2.com:
total 6
drwx------ 3 2003 postfix 512 Nov 30 19:28 .
drwxrwxrwx 3 postfix postfix 512 Nov 30 19:28 ..
drwx------ 3 2003 postfix 512 Nov 30 19:28 test2
test2.com/test2:
total 6
drwx------ 3 2003 postfix 512 Nov 30 19:28 .
drwx------ 3 2003 postfix 512 Nov 30 19:28 ..
drwx------ 5 2003 postfix 512 Nov 30 19:28 Maildir
test2.com/test2/Maildir:
total 10
drwx------ 5 2003 postfix 512 Nov 30 19:28 .
drwx------ 3 2003 postfix 512 Nov 30 19:28 ..
drwx------ 2 2003 postfix 512 Nov 30 19:28 cur
drwx------ 2 2003 postfix 512 Nov 30 19:29 new
drwx------ 2 2003 postfix 512 Nov 30 19:29 tmp
test2.com/test2/Maildir/cur:
total 4
drwx------ 2 2003 postfix 512 Nov 30 19:28 .
drwx------ 5 2003 postfix 512 Nov 30 19:28 ..
test2.com/test2/Maildir/new:
total 8
drwx------ 2 2003 postfix 512 Nov 30 19:29 .
drwx------ 5 2003 postfix 512 Nov 30 19:28 ..
-rw------- 1 2003 postfix 347 Nov 30 19:28 1291166883.V59Ib97008M906598.sunsaturn.com
-rw------- 1 2003 postfix 347 Nov 30 19:29 1291166943.V59Ib97001M911353.sunsaturn.com
test2.com/test2/Maildir/tmp:
total 4
drwx------ 2 2003 postfix 512 Nov 30 19:29 .
drwx------ 5 2003 postfix 512 Nov 30 19:28 ..
sunsaturn:/website/vuser#
We can clearly see here that postfix changed uid correctly as defined by
virtual_uid_maps entry but ignored virtual_gid_maps completely.
Hope this is detailed enough, let me know if you need anything more.
Seems to me the gid problem is because the effective userid is being changed
but the effective gid is not. I am not sure if this is just FreeBSD related or
not.
As for the first problem, being unable to create the initial directory, my
suggestion is: if mkdir fails under the effective UID the first time, then add
an if statement to change the effective uid to root, make the first directory,
chown it to the effective user id, then repeat.
Dan.
On Tue, 30 Nov 2010, Brian Evans - Postfix List wrote:

> On 11/30/2010 11:49 AM, Dan wrote:
>> On freebsd 8.0: standard install from ports collection:
>>
>> 1) virtual_gid_maps problems #GID does not appear to be working
>> virtual_gid_maps = mysql:$config_directory/mysql_gids.cf
>> #virtual_gid_maps = static:2001
>
> Instead of quoting sections of main.cf, please check 'postconf -n' and post
> that instead.
> This avoids problems of what Postfix is actually using versus what you claim
> is right.
>
>> Postfix creates new directories/mail with gid of postfix user only,
>> completely ignoring virtual_gid_maps. I have tested both static and mysql
>> configurations, same result.
>>
>> 2) Postfix is not changing to root then chown'ing directories to
>> appropriate virtual_uid_maps. Please see proftpd code as how they
>> accomplish this. Problem is when you add a new "maildir" to mysql table
>> that has not existed before, postfix will change euid to the uid of
>> virtual_uid_maps, then attempt to create directories, which forces sys
>> admin to make the virtual_base directory mode 777 as it constantly needs to
>> create directories with new UIDs within there, so just doing a euid change
>> to uid of virtual_uid_maps is not enough to do the initial create of first
>> directory.
>>
>> Obviously a solution to this is for enduser to create the first directory
>> ahead of time, but this should really be done server side.
>>
>> Dan.
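
A check for the two conditions shown in this thread, a world-writable virtual_mailbox_base and maildir entries whose owner or group differs from the virtual_uid_maps / virtual_gid_maps values, as an added example that is not part of the original messages or of Postfix. The names audit_vmail and demo_tree, the finding labels and the demo tree are assumptions made for illustration; the expected uid and gid are passed in by hand rather than looked up in the MySQL maps.

```shell
#!/bin/sh
# Added example: audit one mailbox under a Postfix virtual_mailbox_base.
# audit_vmail BASE MAILDIR UID GID
#   BASE    - virtual_mailbox_base, e.g. /website/vuser
#   MAILDIR - path from virtual_mailbox_maps, e.g. test2.com/test2/Maildir/
#   UID/GID - numeric ids expected from virtual_uid_maps / virtual_gid_maps
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_vmail() {
    base=$1; maildir=${2%/}; want_uid=$3; want_gid=$4
    target=$base/$maildir
    out=$(
        # Base writable by "other": the chmod 777 workaround.
        find "$base" -prune -perm -0002 | sed 's/^/WORLD-WRITABLE-BASE: /'
        if [ -d "$target" ]; then
            # Entries not owned by the mapped uid / gid.
            find "$target" ! -user "$want_uid" | sed 's/^/WRONG-UID: /'
            find "$target" ! -group "$want_gid" | sed 's/^/WRONG-GID: /'
            # Mail readable, writable or searchable by "other".
            find "$target" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
                sed 's/^/OTHER-ACCESS: /'
        else
            echo "MISSING: $target (create the maildir in advance)"
        fi
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed demo tree (not the poster's system): private maildir, 777 base.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/test2.com/test2/Maildir/cur" "$d/test2.com/test2/Maildir/new" \
             "$d/test2.com/test2/Maildir/tmp"
    chgrp -R "$(id -g)" "$d"   # pin the group so BSD and Linux behave the same
    chmod -R 700 "$d/test2.com"
    chmod 777 "$d"
    echo "$d"
}

tree=$(demo_tree)
audit_vmail "$tree" test2.com/test2/Maildir/ "$(id -u)" "$(id -g)" || true
rm -rf "$tree"
```

With the values from this thread the call would be `audit_vmail /website/vuser test2.com/test2/Maildir/ 2003 2001`.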